DETAILED ACTION

This office action is in response to the amendments filed on 5/4/2008. Claims 1-8, 10-19
are pending. Claims 1 and 15 have been amended.

Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on
5/4/2008 has been entered.

Response to Arguments 

2. Applicant's arguments with respect to claims 1, 8 and 15 have been considered
but are moot in view of the new ground(s) of rejection.

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the
invention was made to a person having ordinary skill in the art to which said subject matter pertains.
Patentability shall not be negatived by the manner in which the invention was made.

4. Claims 1, 3, 5-8, 11-15, 17, and 19 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Talpade et al. (U.S. Patent Pub. No. 2004/0148520 A1) in view of
Stone et al. (U.S. Patent No. 7,062,782 B1).

As to claim 1, Talpade et al. discloses a network comprising: a plurality of edge
routers (fig. 2, 226, 228); a plurality of core routers (fig. 2, 202, where core routers are
parts of the ISP network, page 2, [0016]) adapted to allow communication between said
plurality of edge routers; a VPN application (fig. 2, 232, analysis engine) in
communication with a first one of said plurality of edge routers (pg. 2, [0017], where the
analysis engine is connected to the border router and edge router), said VPN
application having a first IP address; and a black-hole router ("filter router",
fig. 2, 230) in communication with said core routers.

Talpade does not explicitly disclose the black-hole routers injecting a second IP 
address into the ISP VPN network and said second IP address comprising: the same 
address as the first IP address, a higher preference value than said first IP address and 
a community value such that when said second IP address is injected, a selected first 
number of edge routers direct VPN traffic addressed for said first IP address to said 
VPN application and a selected second number of edge routers direct VPN traffic 
addressed for said first IP address to said black-hole router.

In an analogous art, Stone et al. discloses a black-hole router (fig. 3, 301, tracking
router) in communication with said plurality of core routers, said black-hole router
adapted to inject a second IP address (column 8, lines 42-45; tracking routers announce
routes) into said ISP VPN network, said second IP address comprising: the same IP
address as the first IP address (column 8, line 65-column 9, line 4; static route has the
destination of the edge router closest to the victim), a higher preference value than said
first IP address (column 9, lines 5-10; the static route takes precedence over the route
from the tracking network); and a community value such that when said
second IP address is injected, a selected first number of edge routers direct VPN traffic
addressed for said first IP address to said VPN application and a selected second
number of edge routers direct VPN traffic addressed for said second IP address to said
black-hole router (column 9, lines 5-12; wherein the routes when received can still
forward traffic to the victim which includes the first address as well to the egress edge
router which encompasses the second address).

At the time of the invention, it would have been obvious to a person of ordinary
skill in the art to modify Talpade et al. with Stone et al. to use a tracking router to
inject a static route of the packets going to the victim while still allowing the victim to
receive packets. The rationale behind this modification is to divert traffic using the static
route so as to mitigate a DDoS attack.

As to claim 3, Talpade et al. does not disclose the ISP VPN network wherein 
said black-hole router injects said second IP address in response to a Distributed Denial 
of Service (DDoS) attack on said VPN application. 

Stone et al. does disclose the ISP network wherein said black-hole router (tracking
router) injects said second IP address (static route) in response to a Distributed Denial
of Service (DDoS) attack on said VPN application (column 8, line 65-column 9, line 12).

As to claim 5, Talpade et al. does not disclose to propagate the injected second 
IP address to said edge routers. 

discloses the ISP network, wherein said ISP network utilizes dynamic routing protocols 
in combination with community-based route filtering to propagate the injected second IP 
address to said edge routers. 

Stone et al. does disclose the ISP network, wherein said ISP network utilizes
dynamic routing protocols (column 8, lines 45-64; BGP, IBGP) in combination with
community-based route filtering (column 8, lines 42-45; tracking routers utilize BGP
announce routes to the edge routers) to propagate the injected second IP address to
said edge routers.

As to claim 6, Talpade et al.-Stone et al. discloses the ISP network, wherein
said second number of edge routers directs VPN traffic, addressed for said first IP
address, to said black hole router (filter router), said black hole router is adapted to
receive such traffic as black-holed traffic (DDoS traffic) (Talpade et al., [0032]), said
black-hole router adapted to analyze said black-holed traffic in order to determine a ratio
of attack traffic to legitimate traffic (Talpade et al., [0033], where filter router examines
traffic and removes the DDoS traffic after checking to see if it is legitimate traffic).

As to claim 7, Talpade et al.-Stone et al. discloses the ISP network where the
network comprises at least one route reflector ("traffic filter" which is a part of the
"filter router"), each one of said route reflectors being connected to a different set of
edge routers from said plurality of edge routers, said route reflectors being adapted to
update said edge routers with route instructions, such route instructions including said
injected second address (Talpade et al., [0017], "filter router" advertises this updated
routing information to each border router and edge router).

As to claims 8 and 11, these are methods corresponding to the method in claim
1. Therefore it has been analyzed and rejected based upon system in claim 1.

As to claim 12, Talpade et al.-Stone et al. discloses the method wherein said
injected instruction (routing information) is a Border Gateway Protocol (BGP) routing
instruction (Talpade et al., [0037]).

As to claim 13, this is a method corresponding to system in claim 6. Therefore it 
has been analyzed and rejected based upon system in claim 6. 

As to claim 14, this is a method corresponding to system in claim 7. Therefore it 
has been analyzed and rejected based upon system in claim 7. 

As to claim 15, this is a method corresponding to the method in claim 1.
Therefore it has been analyzed and rejected based upon system in claim 1.

As to claim 17, this is a method corresponding to system in claim 6. Therefore it
has been analyzed and rejected based upon system in claim 6.

As to claim 19, this is a method corresponding to system in claim 7. Therefore it 
has been analyzed and rejected based upon system in claim 7. 

5. Claims 4 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Talpade et al. (U.S. Patent Pub. No. 2004/0148520 A1) in view of Stone et al. (U.S.
Patent No. 7,062,782 B1) in further view of Afek et al. (U.S. Patent Pub. No.
2002/0083175).

As to claim 4, Talpade et al.-Stone et al. does not disclose the ISP network
wherein said community value can be changed in real-time by said black-hole router.

Afek et al. does disclose the ISP network wherein said community value (routing
information) can be changed in real-time by said black-hole router (guard machines)
([0261], where the guard decides when the attack has ended and reverses the settings
previously performed).

As to claim 18, this is a method corresponding to system in claim 4. Therefore it 
has been analyzed and rejected based upon system in claim 4. 

6. Claims 2, 10, and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable
over Talpade et al. (U.S. Patent Pub. No. 2004/0148520 A1) in view of Stone et al.
(U.S. Patent No. 7,062,782 B1) in further view of Yamauchi (U.S. Patent Pub. No.
2002/0037010 A1).

As to claim 2, Talpade as modified does not disclose an ISP system that is
a Multiprotocol Label Switching Virtual Private Network (MLS VPN).

Yamauchi does disclose a virtual private network that uses the Multiprotocol
Label Switching (abstract).

At the time of the invention, it would have been obvious to a person of ordinary
skill in the art to modify Talpade et al. with Yamauchi to use the Multiprotocol Label
Switching in a VPN network which is similar to the network used in the network taught
by Talpade et al. The rationale behind this modification is that a particular known
technique was recognized as part of the ordinary capabilities of one skilled in the art.

As to claim 10, this is a method corresponding to the method in claim 2. 
Therefore it has been analyzed and rejected based upon system in claim 2. 

As to claim 16, this is a method corresponding to the method in claim 2. 
Therefore it has been analyzed and rejected based upon system in claim 2. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to JOE CHACKO whose telephone number is (571) 270-3318.
The examiner can normally be reached on Monday-Friday 7:30am-5pm EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Bunjob Jaroenchonwanit can be reached on 571-272-3913. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/J.C./

Examiner, Art Unit 2456 

/Bunjob Jaroenchonwanit/ 

Supervisory Patent Examiner, Art Unit 2456 



